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The Claims 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 
Listing of Claims: 

1. (Previously presented) Apparatus providing one or more computer services for a plurality 
of customers, the apparatus comprising a real computer on which is set up at the request of each of 
said customers at least one virtual machine for each of said customers, said at least one virtual 
machine for each of said customers having a specification specified by and configurable by the 
respective customer and having an operating system running thereon, 

2.. (Original) Apparatus according to claim 1, wherein plural virtual machines are set up 
within the real computer for at least one of said customers. 

3, (Original) Apparatus according to claim 1, wherein the or each virtual machine for at least 
one of said customers is connected to a virtual network set up for said at least one customer within 
the real computer, 

4, (Original) Apparatus according to claim 3, comprising a virtual intrusion detection device 
for detecting an attack on the virtual network., 

5, (Original) Apparatus according to claim 1, wherein at least one virtual machine is 
connected to a virtual firewall that is connectable to an external network to which customers and/or 
other users can connect such that access to said at least one virtual machine by a customer or other 
user via a said external network can only take place through a virtual firewall. 

6, (Original) Apparatus according to claim 1, wherein the or each virtual machine for a 
particular customer is connected to a virtual firewall that is dedicated to that customer's virtual 
machine or machines, each virtual firewall being connectable to an external network to which each 
of said customers and/or other - users can connect such that access to a virtual machine by a 
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customer or other user via a said external network can only take place through a virtual firewall 
provided for that virtual machine or machines. 

7. (Original) Apparatus according to claim 6, wherein each virtual firewall is set up within 
the real computer, the or each virtual machine for each customer being connected to a first port of 
the virtual firewall that is dedicated to that customer's virtual machine or machines, each virtual 
firewall having a second port connected to a virtual network that is set up within the real computer 
and that is connectable to an external network. 

8. (Original) Apparatus according to claim 7, wherein the second port of each virtual firewall 
is connected to the same virtual network that is set up within the real computer and that is 
connectable to an external network. 

9. (Original) Apparatus according to claim 5, wherein the or at least one of the virtual 
firewalls is implemented by a virtual machine on the real computer, said virtual firewall virtual 
machine running firewall software, 

10. (Original) Apparatus according to claim 1, comprising a plurality of real data storage 
devices and at least one virtual storage subsystem that is configured to allow said real data storage 
devices to emulate one or more virtual storage devices. 

11. (Original) Apparatus according to claim 10, wherein the at least one virtual storage 
subsystem is configured to emulate at least one respective virtual storage device for each customer; 

12. (Original) Apparatus according to claim 10, comprising a detection device for detecting 
evidence of malicious software or hostile attack signatures on the at least one virtual storage 
subsystem. 

13. (Original) Apparatus according to claim 1, wherein the apparatus is configurable to 
provide at least one of the services selected from: file, data and archiving services; applications 
hosting services; database hosting services; data warehouse services; knowledge management 
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hosting services; digital media production services; "intellectual property" and streaming media 
services; simple web hosting services; complex e-Commerce web hosting services; high 
performance computation services; electronic messaging and conferencing services; and, learning 
neuro-computer services. 

14. (Original) Apparatus according to claim 1, comprising virtual private network software to 
provide an encrypted communication channel for communication between at least some of said 
virtual machines. 

15.. (Original) Apparatus according claim 1, comprising virtual private network software to 
provide an encrypted communication channel for communication between at least one virtual 
machine and an external computer. 

16. (Original) Apparatus according claim 1, comprising virtual private network software to 
provide an encrypted communication channel for communication between a first virtual network 
and a second virtual network, 

17. (Original) Apparatus according to claim 1, comprising virtual private network software to 
provide an encrypted communication channel for communication between a virtual network and an 
external computer. 

18. (Original) Apparatus according claim 1, wherein the real computer comprises plural 
physical computers. 

19. (Original) In combination, a first apparatus according to claim 1 and a second apparatus 
that is substantially identical to said first apparatus, the first and second apparatus being connected 
by a communications channel so that the second apparatus can provide for redundancy of the first 
appar atus thereby to provide for disaster recovery if the first apparatus fails. 

20.. (Previously presented) A method of providing one or more computer services for a 
plurality of customers, the method comprising the steps of: 
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a service provider setting up on a real computer at the request of each of said customers at 
least one virtual machine for each of said customers, said at least one virtual machine for each of 
said customers having a specification specified by and configurable by the respective customer and 
having an operating system running thereon.. 

2L (Original) A method according to claim 20, comprising the step of setting up plural virtual 
machines within the real computer for at least one of said customers . 

22 (Original) A method according to claim 20, comprising the steps of setting up a virtual 
network for at least one of said customers within the real computer, and connecting the or each 
virtual machine for said at least one customer to said virtual network, 

23.. (Original) A method according to claim 22, comprising the step of using a virtual intrusion 
detection device for detecting an attack on the virtual network.. 

24 (Original) A method according to claim 20, comprising the steps of connecting at least one 
virtual machine to a virtual firewall, and connecting the or each virtual firewall to an external 
network to which customers and/or other users can connect such that access to a virtual machine 
by a customer or other user via a said external network can only take place through a virtual 
firewall 

25, (Original) A method according to claim 20, comprising the step of connecting the or each 
virtual machine for a particular customer to a virtual firewall that is dedicated to that customer's 
virtual machine or machines, and connecting each virtual firewall to an external network to which 
each of said customers and/or other users can connect such that access to a virtual machine by a 
customer or other user via a said external network can only take place through a virtual firewall 
provided for that virtual machine or machines. 

26. (Original) A method according to claim 25, wherein each virtual firewall is set up within 
the real computer, the or each virtual machine for each customer being connected to a first port of 
the virtual firewall that is dedicated to that customer's virtual machine or machines, each virtual 
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firewall having a second port connected to a virtual network that is set up within the real computer 
and that is connected to an external network. 

27. (Original) A method according to claim 26, wherein the second port of each virtual 
firewall is connected to the same virtual network that is set up within the real computer and that is 
connectable to an external network. 

28 . (Original) A method according to claim 20, comprising the step of configuring at least one 
virtual storage subsystem to allow multiple real data storage devices to emulate one or more virtual 
storage devices. 

29, (Original) A method according to claim 28, comprising the step of configuring the at least 
one virtual storage subsystem to emulate at least one respective virtual storage device for each 
customer 

30, (Original) A method according to claim 28, comprising the step of using a detection device 
for detecting evidence of malicious software or hostile attack signatures on the at least one virtual 
storage subsystem., 

31. (Original) A method according to claim 20, wherein the services provided include at least 
one of the services selected from: file, data and archiving services; applications hosting services; 
database hosting services; data warehouse services; knowledge management hosting services; 
digital media production services; "intellectual property" and streaming media services; simple 
web hosting services; complex e-Comnierce web hosting services; high performance computation 
services; electronic messaging and conferencing services; and, learning neuro-computer services. 

32. (Original) A method according to claim 20, comprising the step of using virtual private 
network software to provide an encrypted communication channel for communication between at 
least some of said virtual machines. 
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33 . (Original) A method according to claim 20, comprising the step of using virtual private 
network software to provide an encrypted communication channel for communication between at 
least one virtual machine and an external computer, 

34 (Original) A method according to claim 20, comprising the step of using virtual private 
network software to provide an encrypted communication channel for communication between a 
first virtual network and a second virtual network. 

35. (Original) A method according to claim 20, comprising the step of using virtual private 
network software to provide an encrypted communication channel for communication between a 
virtual network and an external computer. 

36. (Original) A method according to claim 20, comprising the step of moving said at least one 
virtual machine from a first real computer to a second real computer 

37. (Previously presented) A method of operating a real computer on behalf of plural 
customers, the method comprising the step of: 

operating plural virtual machines on the real computer, each of said plural virtual machines 
having a specification specified by and configurable by a respective one of the customers in 
accordance with a computer service to be provided by the virtual machine on behalf of that 
customer, each of said virtual machines having an operating system running thereon, 

38 . (Original) A method according to claim 37, comprising the step of operating plural virtual 
machines within the real computer for at least one of said customers. 

39.. (Original) A method according to claim 37, comprising the step of operating a virtual 
network for at least one of said customers within the real computer; the or each virtual machine for 
said at least one customer being connected to said virtual network .. 

40,. (Original) A method according to claim 39, comprising the step of using a virtual intrusion 
detection device for detecting an attack on the virtual network. 
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41. (Original) A method according to claim 37, wherein at least one virtual machine is 
connected to a virtual firewall, the or each virtual firewall being connected to an external network 
to which customers and/or other users can connect such that access to a virtual machine by a 
customer or other user via a said external network can only take place tlirough a virtual firewall, 

42.. (Original) A method according to claim 37, wherein the or each virtual machine for a 
particular customer is connected to a virtual firewall that is dedicated to that customer's virtual 
machine or machines, each virtual firewall being connected to an external network to which each 
of said customers and/or other users can connect such that access to a virtual machine by a 
customer or other user 1 via a said external network can only take place through a virtual firewall 
provided for that virtual machine or machines. 

43.. (Original) A method according to claim 42, wherein each virtual firewall is set up within 
the real computer, the or each virtual machine for each customer being connected to a first port of 
the virtual firewall that is dedicated to that customer's virtual machine or machines, each virtual 
firewall having a second port connected to a virtual network that is set up within the real computer 
and that is connected to an external network. 

44, (Original) A method according to claim 43, wherein the second port of each virtual 
firewall is connected to the same virtual network that is set up within the real computer and that is 
connectable to an external network, 

45, (Original) A method according to claim 37, wherein at least one virtual storage subsystem 
is provided and configured to allow multiple real data storage devices to emulate one or more 
virtual storage devices. 

46, (Original) A method according to claim 45, wherein the at least one virtual storage 
subsystem is configured to emulate at least one respective virtual storage device for each customer 
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47. (Original) A method according to claim 45, wherein a detection device is used for 
detecting evidence of malicious software or hostile attack signatures on the at least one virtual 
storage subsystem. 

48. (Original) A method according to claim 37, wherein the services provided include at least 
one of the services selected from: File, data and archiving services; applications hosting services; 
database hosting services; data warehouse services; knowledge management hosting services; 
digital media production services; "intellectual property" and streaming media services; simple 
web hosting services; complex e-Commerce web hosting services; high performance computation 
services; electronic messaging and conferencing services; and, learning neuro-computer services* 

49. (Original) A method according to claim 37, comprising the step of using virtual private 
network software to provide an encrypted communication channel for communication between at 
least some of said virtual machines. 

50. (Original) A method according to claim 37, comprising the step of using virtual private 
network software to provide an encrypted communication channel for communication between at 
least one virtual machine and an external computer: 

5L (Original) A method according to claim 37, comprising the step of using virtual private 
network software to provide an encrypted communication channel for communication between a 
first virtual network and a second virtual network- 

52.. (Original) A method according to claim 37, comprising the step of using virtual private 
network software to provide an encrypted communication channel for communication between a 
virtual network and an external computer, 

53. (Currently amended) A method according to claim 37, comprising the step of moving said 
at least one virtual machine from a first real computer to a second real computer. 
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54, (Previously presented) A method of providing for a plurality of customers one or more 
computer services selected from: file, data and archiving services; applications hosting services; 
database hosting services; data warehouse services; knowledge management hosting services; 
digital media production services; "intellectual property" and streaming media services; simple 
web hosting services; complex e-Commerce web hosting services; high performance computation 
services; electronic messaging and conferencing services; and, learning neuro-computer services; 
the method comprising the steps of: 

setting up on a real computer at the request of each of said customers at least one virtual 
machine for each of said customers, said at least one virtual machine for each of said customers 
having a specification determined in accordance with the computer service or services requested by 
said customer and being configurable by said customer, said at least one virtual machine having an 
operating system running thereon, 

55, (Original) A method according to claim 54, comprising the step of moving said at least one 
virtual machine from a first real computer to a second real computer. 

56, (Previously presented) Apparatus according to claim 1, wherein at least one of said virtual 
machines provides at least a virtual central processor unit. 

57, (Previously presented) Apparatus according to claim 1, wherein at least one of said virtual 
machines is created using a virtual machine abstraction program, 

58, (Previously presented) Apparatus according to claim 1, wherein at least one of said virtual 
machines is created using machine simulation/emulation software. 

59, (Previously presented) A method according to claim 20, wherein at least one of said virtual 
machines provides at least a virtual central processor unit. 

60, (Previously presented) A method according to claim 20, wherein at least one of said virtual 
machines is created using a virtual machine abstraction program. 
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61. (Previously presented) A method according to claim 20, wherein at least one of said virtual 
machines is created using machine simulation/emulation software, 

62. (Previously presented) A method according to claim 37, wherein at least one of said virtual 
machines provides at least a virtual central processor unit. 

63. (Previously presented) A method according to claim 37, wherein at least one of said virtual 
machines is created using a virtual machine abstraction program 

64. (Previously presented) A method according to claim 37, wherein at least one of said virtual 
machines is created using machine simulation/emulation software. 
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REMARKS/ARGUMENTS 

Applicant acknowledges receipt of the Office Action dated July 22, 2005, in which the 
Examiner maintained the rejection of claims 1-3, 10-11, 13, 18-22, 28-29, 31, 36-39, 45-46, 48 and 
53-55 as obvious over Bugnion (US 6075938) in view of Derks (US 6810033 B2); maintained the 
rejection of claims 4-9, 12, 14-17, 23-27, 30, 32-35, 40-44, 47 and 49-52 as obvious over Bugnion 
(US 6075938) in view of Derks (US 6810033 B2) in combination with Bowman-Amuah (US 
6697824), and added a rejection of claims 37-39, 45-46, 48, 53 and 62-64 as anticipated under § 
102(e) by Devine (US 6397242 Bl). 

Applicant again thanks the Examiner for her thoroughness in preparing the Office Action, 
At the same time, Applicant respectfully submits that the rejections of the present claims must fail 
for the reasons set out below. 
Status of the Claims 

Claims 1-64 are pending. All claims are rejected 
Rejections under 35 U.S.C. § 103(a) 

In support of her rejection of claims 1-3, 10-1 1, 13, 18-22, 28-29, 31, 36-39, 45-46, 48 and 
53-55 as obvious over Bugnion in view of Derks, the Examiner asserts that Bugnion teaches "a 
combination of innovative emulation of the Direct Memory Access engine and standard distributed 
file system protocols to support a global buffer catch that is transparently shared across all virtual 
machines. . . operating system allows applications to explicitly share memory region across virtual 
machine boundaries and server' contains interface to setup these shared regions to allow processes 
running on multiple virtual machines to share memory. . „ and the at least one virtual machine for 
each of said customers having a specification specified by the respective customer." 

Applicant very respectfully points out that the passages cited by the Examiner in support of 

her assertion that Bugnion teaches the present invention, Le. col, 5, lines 1-13 and col, 8, lines 56- 

66, simply do not support the Examiner's position. The cited lines read: 

The approach of the present invention offers two different possible solutions to 
handle applications whose resource needs exceed the scalability of commodity 
operating systems. First, a relatively simple change to the commodity operating 
system can allow applications to explicitly s hare [sic] memory regions across 
virtual machine boundaries. The monitor contains a simple interface to setup these 
shared regions. The operating system is extended with a special virtual memory 
segment driver to allow processes running on multiple virtual machines to share 
memory. For example, a parallel database server could put its buffer cache in such a 
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shared memory region and have query engines running on multiple virtual 
machines, 

FIG.. 1 shows how the virtual machine monitor allows multiple copies of 
potentially different operating systems to coexist. In this figure, five virtual 
machines coexist on the multiprocessor. Some virtual machines run commodity 
uniprocessor or multiprocessor operating systems, and others run specialized 
operating systems fine-tuned for specific workloads. The virtual machine monitor 
schedules the virtual resources (processor and memory) or the virtual machines on 
the physical resources of the scalable multiprocessor. 

Like the rest of the Bugnion disclosure, these passages do not contain any mention of a 

"customer," "third party," or other term that could be construed in the manner asserted by the 

Examiner, or of providing "computer services" for the "customers," 

Applicant again respectfully submits that the rejection over Bugnion is based on a 
fundamental misunderstanding as to what is claimed in the present application and what is 
disclosed in the cited art. Specifically, Bugnion discloses a virtual machine monitor that can be 
used to implement and supervise the operations of several virtual machines within a computer 
Virtual machines, and the operation of virtual machines, are background art to both Bugnion and 
the present invention, having been known for several years, Bugnion's virtual machine monitor- 
operates to set up and supervise, or "monitor", virtual machines within a computer, so as to 
enhance their operations. 

However, Bugnion does not contemplate a system in which one or more virtual machine is 
set up for and by each of several customers to provide computer services for the customers., This 
concept of allowing multiple third parties to configure and control a plurality of virtual machines 
within a computer is entirely novel, As evidence of the novelty and non-obviousness of the 
presently claimed concepts, Applicants submit herewith an Affidavit of Geoffrey Donald Tremain, 
who is the inventor of the present case and an expert in the technology underlying this invention. 

As set out in the Affidavit, until the present invention, virtual machines on a single 
computer were controlled by a single entity, often a single individual, and were typically used for 
diagnostic or comparative assessments of software (such as new applications or operating systems 
being developed by the individual). Neither Bugnion nor the other references discloses or suggests 
the use of plural virtual machines on a real computer in which at least one virtual machine is set up 
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by and for each of the customers, with each of those virtual machines having a specification that is 
specified by the respective customer.. 

As stated in the present specification, the problems solved by the present invention were 
significant and very real technical problems. At the time of the invention, entities who provided 
hosting services for multiple third parties (Le, customers) either used multiple physical computers, 
with a respective real computer being dedicated to each customer, or resorted to a space-sharing 
system that did not allow the security and independence that are afforded by the present invention. 

Despite the significant cost and maintenance implications for the provider, despite the need 
for a system that would avoid these problems, and despite the existence of virtual machines, until 
the present invention, no one had contemplated a system in accordance with the present invention , 
In the face of such a long-felt need, Applicants conception of the present invention is a patentable 
advance over the state of the art. 

As discussed in the previous Response and in the enclosed Affidavit, Derks refers to 
"Private Virtual Networking", which is more commonly known as 'Virtual private networking" or 
"VPN." This technology relates solely to telephony and specifically to techniques for making a 
secure transmission channel over an insecure network. This has nothing whatsoever to do with 
virtual machine technology, Moreover, the examiner on page 3 of the office action of December 9, 
2004 asserts that one having ordinary skill in the art at the time the invention was made would 
employ the teachings of Derks with the system of Bugnion because "it would allow to identify the 
gateway with the internet address carried by the set up request message and transmit data over the 
connection in order to address one out of more terminals connected to the remote gateway and set 
up a virtual connection," However, this statement does not support the examiner's position. 
Indeed, and again as set out in the enclosed Affidavit, it cannot be seen that this has any relevance 
to the present invention: the examiner's references to "gateway", "internet address", "terminals 
connected to the remote gateway" and "virtual connection" make no sense in the context of the 
present invention, which relates to an innovative use of virtual machines to provide computer 
services to customers. Hence, the combination of Derks with Bugnion simply does not support the 
present obviousness rejection 
Rejections under 35 U.S.C § 102(e) 

In support of her rejection of claims 37-39, 45-46, 48, 53 and 62-64, the Examiner cites 
Devine, However, as discussed in the enclosed Affidavit, in terms of its relevance to the present 
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invention, Devine in essence discloses the same subject matter as Bugnion and is therefore equally 
irrelevant In particular, as with Bugnion, Devine does not contemplate a system in which one or 
more virtual machine is set up for and by each of several customers to provide computer services 
for the customers. Hence, Devine does not anticipate claim 37, or claims 38, 39, 45, 46, 48, 53 and 
62-64. 

For all of the foregoing reasons, it is respectfully submitted that the invention of each 
independent claim is patentable. Because the rejection of the independent claims must fail, the 
rejection of claims 4-9, 12, 14-17, 23-27, 30, 32-35, 40-44, 47 and 49-52 as obvious over Bugnion 
in view of Derks in combination with Bowman- Amuah must also fail 
Affidavit 

Applicant respectfully submits the attached Affidavit, which demonstrates why, in context 
of the state of the art to which this invention relates, the present claims describe a novel and non- 
obvious approach that was not contemplated by others, Indeed, others, when faced with the 
problems that are solved by the present invention, took burdensome and expensive steps because 
they did not have the benefit of the present concepts. 
Conclusion 

Applicant respectfully submits that the claims are in condition for allowance. If the 
Examiner has any questions or comments, or otherwise feels it would be advantageous, she is 
encouraged to telephone the undersigned at (713) 238-8043. 




Reg. No. 36,962 
Conley, Rose P C. 
P. O Box 3267 
Houston, Texas 77253-3267 
(713) 238-8000 
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Commissioner for Patents 
P O. Box 1450 
Alexandria, VA 223 13- 1 450 
Sir: 



PURPOSE OF DECLARATION 



This decimation is made in support of ihe Response to hinal Of/ice Action Dated Jul) 22 
2005. which is filed concurrently herewith 



1 I, Geoffrey Donald Tiemain, stale as follows: 

2 1 am over 1 8 yeais of age and competent to make this Affidavit; 

2v 1 am employed by Ernst & Young Services Limited, a wholh owned subsidiary company 
of Ernst & Young LLP, the assignee of the above-identified pending patent application, and have 
been employed by them since Novembei 1996 as an information systems and security consultant, 
w ith the current grade of Senioi Manager: 

4 I obtained a Bachelor of Science degree with honours in Physics from the University of 
BrisioL UK in 1986 

5. I am the sole named inventoi in the above-identified pending patent application: 



STATEMENT OF FACTS 



1 



6 in brief, ihe principal problem which is ackliessccl b\ m\ invention as defined b) the 
independent claims of the present application is how to host 01 piovicle computer services (such as 
applications hosting services, web hosting services, etc- as detailed in ihe present application) for 
plural customeis in a secure wa\ whilst minimizing the real physical resources which aie tequired 
This is a significant and vei\ reai and am em technical problem 

7 At present, those who are providing such hosting sen ices fot thud parties tvpical!\ ha\e 
ver\ man\ reai computers, with a respective real computer being dedicated to each customer. 
Before m\ invention, this was the accepted wa\ of providing such services, being the most 
stiaight forward and obvious was to provide such services This has significant cost and 
maintenance implications foi the provider, which incvitabl) icsuhs in relative!)- high costs being 
passed onto the customers Moreover, if ctistomets urn applications on a shaied computer with a 
common operating environment, data and applications will be fat less isolated I torn each other 
raising security, funetionalil) and performance difficulties. 

8 The present invention solves this technical problem with a technical solution, namely the 
cteation and use of plural vimial machines for the respective customeis The present invention 
delivers significant commercial advantages which include but are not limited to: lowei costs of 
provisioning of set vice fot the supplier; allowing higher profit margins as well as more competitive 
pricing to customers, and the ability to cieatc. modi!) and terminate instant! \ and flexibl) 
customer-specified and configured computing infrastructure on demand, in a wa\ that provides 
strong isolation between different customers' systems, as well as strong isolation between systems 
of a single customer, for example when security isolation is desired between different parts of a 
system In summary, the present invention gives customeis the benefits of dedicated computer 
systems for the costs of shaied ones, as well as giving them great flexibility in the speed with 
which they can procure, specify and configure their systems, Similar!), for the seivice provider, 
this provides a very competitive wa> of providing computer services to customers oiTeiing a mix 
of price, seem it) isolation and flexibilil) benefits which cannot be achieved with conventional 
approaches, 

9 At the date of filing of the present patent application, and indeed generally today* state-of- 
the-art approaches to provision of computer infiastructure b\ service ptovideis to customers simph 



did not and could not deliver these benefits, nor did they employ the present invention Instead, as 
mentioned in paragfaph 7 above, the state-of-the-art appi caches either involved procurement, 
installation and configuration of dedicated infiasttucture with resulting costs and considerable 
elapsed time, even though the customer's applications would not necessarily consume all available 
system capacity, or the) imolved use ol shaied systems which did not deliver the necessary degree 
of security isolation needed for the majority of business applications- Because of these limitations, 
most users o!" large-scale computer systems still choose to opetate dedicated systems themselves, 
and aie burdened with the necessary procurement, build and operating costs and elapsed time 
involved. Those skilled in the ait o! "information systems infrastructure provision will recognize 
the potential of my invention to transform fundamentally the current global market in information 
technology infrastructure provision; 

10 i have reviewed U,S. Patent No. 6,075 938 to Bugnion el al (heremafiet '"Bugnioif K U S, 
Patent No. 6,810,033 to Derks (hereinafter Detks"). U S Patent No. 6,397,242 to Devine et al 
(hereinafter "Devine")* and U S Patent No. 6,697.824 to Bowmnn-Airniah (hereinafter "Bowman- 
Amimlv"), which are cited against the present application: 

1 1 . The examiner asserts (section 8 of the OA) that the subject matter of independent claims L 
20 and 54 is obvious in view of Bugnion and Derks: 

12. in respect of claims 1 and 20, the examiner asserts (pages 12 and 13 of the OA) that 
Bugnion discloses "apparatus or a method providing one or more computei ,,,sg|yices ii lbr a plurality 
of customers , the apparatus comprising a real computet on which is set up of [sic] each of said 
customers at least one virtual machine for each of said customer said at least one virtual machine 
for each of said customets having a specification sp e cified bv and co n f igur able by the re spective 
customer and having an opeiating system tunning thereon v [emphasis added]. However; based on 
my teview of Bugnion, I can state that Bugnion does not make any reference to customers at alL 
and does not disclose providing one or mote computer services for a plurality of customers, nor 
setting up a virtual machine for each of a plurality of customers, nor a virtual machine that has a 
specification that is specified by and configurable by a customer, nor the benefits of the application 
of such technology as described in paragraph 8 abo\e; 
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13, The examiner further asserts (page 13 of'lhe OA) thai Bugnion does not explicitly leach 
"sol up request o Teach oT said customeis [sic]' ~ I can state that this is line, because Bugnion does 
not refer to customeis at all. as stated above: 

I -I The examiner luilher asserts (page 13 of the OA) thai Derks discloses "set up request of 
each of said customers lo set up virtual connections" As I will explain luilher below, Derks does 
not disclose virtual machines at all, but instead relates (only) to private virtual networking of voice 
telephony, rather than computei service piovision; 

15 In respect of claim 5-L she examiner asserts (pages 13 and 14 of the OA) that Bugnron 
discloses "a method oT providing for a plurality ol' customers one o\ mote computer services 
selected liom: llle. data and archiving services; applications hosting services; database hosting 
set vices; data warehouse services: knowledge management hosting services: digital media 
production services; "intellectual properly" and streaming media services: simple web hosting 
services: complex e-commerce web hosting services; high performance computation services: 
electronic messaging and conferencing services: and. learning ueuro-compuiei services; the 
method comprising ihe steps of: selling up on a real computer of [sic] each oj , said custot nets at 
least one virtual machine for each o I" said customers , said at Seasi one virtual machine Tor each of 
said customers having a specification determined in accordance uilh the computer service, and 
being configurable bv said consumer [sic], said at least one vitiual machine having an operating 
system tunning thereon " [emphasis added] However, as slated above, Bugnion does not disclose 
customers at all and docs not disclose providing one oi moie computet services for a plurality of 
customers, nor selling up a virtual machine for each of a plurality oS customers, nor a virtual 
machine lhai has a specification that is specified by and configurable by a customer; 

16- Bugnion discloses what is known as a 'virtual machine monitor*. Le- a piece of software 
that is used to create and monitor virtual machines on a real computer I am familiar with virtual 
machines and virtual machine monitors, including the actual product that is the subject of Bugnion 
Virtual machines as such are old and well known. As mentioned on for example page 17 of the 
piesent application and at column 2, lines 36 onwards of Bugnion, IBM developed virtual machine 
technology in the late 1960s and early 1970s and therefore this technology as such has been in 
existence for a very long time. A simple definition of a virtual machine is 'a self-contained 
operating environment thai behaves as if it is a separate computer" A virtual machine is created 
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using software, such tis a virtual machine monitor as disclosed b\ Bugnion, and in essence onl) 
exists temporarily in the memory of a real computer In ihe sense tised in the present application, a 
virtual machine is a practically sell-contained operating enviionmem that behaves as if it is a 
sepasate computer, separately of the real or physical computer on which the sofiwaie thai generates 
the virtual machine is run; 

17 Virtual machines were cieated historically to allow computer scientists and the like to 
develop new software applications and operating systems safely The computer scientists would 
typically create a viitual machine on a teat machine and use the virtual machine to develop and test 
new software (such as operating systems and software applications) Plmal virtual machines might 
be set up. wilh each running different versions of the software. The main advantage ol' using the 
virtual machine rathet than the real computer was that if the software being developed caused 
problems to the operating system running on the virtual machine or to the virtual machine itself 
then only ihe viitual machine would "crash", and ihe underlying real computet would not be 
affected at all Thus, computet scientists could safely develop new sofiwaie without concern as to 
whethei the new software might cause problems for the real computer The inconvenience ol a 
real computer crashing was and is a significant problem, owing to the delay in restarting the 
computer and the like and because of the possibility of seiious and irrecoverable damage being 
caused to the real compute*. 

1 8 Thus. Bugnion is directed to and. in terms of its relevance to my invention, relates only to a 
virtual machine monitor thai can efficiently create plural virtual machines on a real computer. A 
computer scientist or' the like can use the virtual machine monitor ol Bugnion (or: for that matter, 
any other virtual machine monitor) to create plural virtual machines on a real computer. The 
computer scientist can then for example run the Linux operating system on one of those virtual 
machines, Windows XP on another of those virtual machines, MS-DOS on another of those virtual 
machines, etc. The computer scientist can then run different software applications on those virtual 
machines, or diffeient versions of the opetating systems on those virtual machines, and develop 
and test those software applications at operating systems w ithout any concern that a "crash 1! on one 
of those virtual machines might affect that software applications or operating systems running on 
the other virtual machines. In this respect, Bugnion merely discloses one piece of software which 
could be used as a tool in forming an actual commercial embodiment of m\ invention, but does not 
disclose my invention To go from the virtual machine monitor for fotming virtual machines as 
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clisclosed b\ Bugnion 10 m\ invention, which makes commercial use of \ h trial machines that have 
a specification that is specified and configurable b> a customer to piovide computet services to the 
customers with a range of distinct commercial benefits, was not an obvious modification ol the 
prior ail: 

On the other hand. Detks relates to what Derks calls "Private Virtual Networking", which 
in the Derks patent tefers to the ability of a telephone network to switch and route telephone calls 
in a particular way: 

20. As can be seen, therelbie. a virtual machine is nothing like a Private Virtual Vet work and 
\ ice veisa. The technologies and underlying concepts are entirely different they are created using 
entirely different technologies., and they were originally designed and exist Ibi entirely different 
purposes, Telephony Private Virtual Network technology is not related to the present invention 
and an understanding of telephony Private Vhtual Networks would not bring one skilled in the art 
of viitua! machines any closer la the present invention; 

2 1 For these reasons, my invention as defined in claims L 20 and 54 is not obvious in view of 
Bugnion and Derks Despite the state of the art with respect to virtual machines., until I conceived 
of the presently claimed system, in which computer services are provided for plural 
costumers by using a real computer having plural virtual machines for the different 
customers, each customer specifying and configuring their ow n virtual machine, no-one had 
contemplated such a system because no-one had appreciated that virtual machines could be 
used in this manner: 

22 The examine! objects (section 5 of the OA) that the subject matter of independent claim .37 
is known from Devine. In particular, the examiner asserts (page 5 of the OA) that Devine teaches 
'a method of operating a real computer on behalf of a plurality of customers , the method 
comprising the step of: operating plural virtual machines on the real computer, each of said plural 
virtual machines having a specification specified b\ and configurable bv a respective one of the 
customers in accordance with a computer service to be provided by the vir t u al „ inacl iine on behalf 
of that customer , each of said virtual machines having an operating system running thereon 
[emphasis added] However, based on my review of Devine, I can state that Devine does not make 
any refetence to customers at alL and does not disclose opciating a real computer on behalf of a 
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pluiality of customeis, not .setting up plural virtual machines having a specification that is specified 
h\ and configurable by the customeis: 

2.3 i note thai, in terms of its relevance to m\ invention- De\ inc in essence discloses Uie same 
concepts as Bugnion, namely a viitual machine monitor and iheretbie m\ comments above in 
iclation to Bugnion appl\ equally u> Devine I note that the three named inventors of Devine are 
the same three named inventors of Bugnion; 

24. it may be that the examiner is for some reason equaling the term "customer" as used in the 
present claims with "software application* 01 similar. However there is no basis for this 
comparison and in no sense can a "customer 1 ' be equated with or be considered to be 
analogous to a "software application" Customers are. according to standard usage of the 
term, people or entities who buy a good 01 a seivice Software applications installed h> a 
computer scientist are not "customers " Furthermore, each of the independent claims of the 
present application requires that the viitual machine have a specification that is specified 
and configurable by the customer 'To the best of nn knowledge the solium e applications 
that run on the virtual machines disclosed in Bugnion and Devine do not and cannot specif) 
or configure the specification of the virtual machine: 

25 Alternative!) or additionally, it may be that the examiner is for some reason equating the 
term "customer" as used in the present claims with a "computet scientist" or the like, who uses a 
virtual machine monitor to create viiiuai machines, However, there is no basis for this eompaiison 
and in no sense can "customer" as used in the claims of ms patent application be equated with or 
be eonsideted to be analogous to a 'computer scientist'' or the like In Bugnion for example, as 
conventional with virtual machines, typically one person (a computer scientist) would set up plural 
virtual machines on a real computer for ills own use , for example to run several operating systems, 
one within each virtual machine, In my invention, a person (such as a service provider) provides 
apparatus on which is set up plural virtual machines for the customers (i.e. for other people)- I 
refei here to claim 20 of my patent application which sped Ileal I) refers to a service provider 
setting up at least one viitual machine for each of said customers Thus., Bugnion discloses only 
one person setting up viitual machines foi his own use, wheieas my invention is concerned with 
one person (a sei vice piovider) setting up vittual machines for othej people (the customeis): 
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26 In addition, each ohhe independent claims of the piesem application requires on apparatus 
or a method that provides compu ter services (such as applications hosting services, web hosting 
sei vices, etc . as detailed in the present application and mentioned above) for customers, bv rising 
vhtuai machines The references do not suggest such a thing Bugnion for example onh discloses 
using his virtual machine monitot to form plural viitual machines on which several copies of 
compute! operating systems can be run, see for example the Sumrnun ol the invention section at 
column 4, lines 6 to 50 of Bugnion. Bugnion does not disclose using virtual machines to provide 
computet set vices: 



27. ftiithet Affiant sayeth not 



